Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
From: Valdis.Kletnieks () vt edu
Date: Mon, 21 Apr 2008 15:43:57 -0400

On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:

Exactly, I was talking about the RFC that supersedes that 
particular RFC. 

0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
     (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228,
     RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)

RFC2228 is in fact about a security extension to FTP - unfortunately, section
4 of it does not have any subsections, so there is no 4.4.3.

RFC2640 is about internationalization of FTP, and has sections 4.3, 4.3.1,
and then 5.  No 4.4.3 to be found.

RFC2773 is about encryption using SKIPJACK, but it goes from 4.0 to 5.0
with no intervening 4.4.3.

RFC3659 is about FTP extensions, but unfortunately section 4 is about the
SIZE extension, and has a 4.4 but no 4.4.3 subsection.

So which RFC were you talking about?

Hint: When you find you've dug yourself into a hole, it's usually not a
good idea to keep digging...

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]